Journal of Engineering and Applied Sciences

Year: 2018
Volume: 13
Issue: 6 SI
Page No. 5276 - 5285

A Hybrid Vulnerability Analysis Tool Using a Risk Evaluation Technique

Authors: Jong-Chul Park, Sang-Ann Nam, Jae-Pyo Park and Yeun-Soo Choo

References

Agarwal, M. and A. Singh, 2013. Metasploit Penetration Testing Cookbook. 2nd Edn., Packt Publishing, Birmingham, England, UK., ISBN:9781782166795, Pages: 320.

Allodi, L. and F. Massacci, 2014. Comparing vulnerability severity and exploits using case-control studies. ACM. Trans. Inf. Syst. Secur., 17: 1-20.

Anonymous, 2016. Common vulnerabilities and exposures: The standard for information security vulnerability names. US Department of Homeland Security, Washington, DC., USA. http://cve.mitre.org/.

Castro, M., M. Costa and T. Harris, 2006. Securing software by enforcing data-flow integrity. Proceedings of the 7th Symposium on Operating Systems Design and Implementation, November 06-08, 2006, USENIX Association, Seattle, Washington, ISBN:1-931971-47-1, pp: 147-160.

Chen, T., X.S. Zhang, C. Zhu, X.L. Ji and S.Z. Guo et al., 2013. Design and implementation of a dynamic symbolic execution tool for windows executables. J. Software Evol. Process, 25: 1249-1272.

Christey, S., 2011. CWE/SANS top 25 most dangerous software errors. MSc Thesis, MITRE Institute, Bedford, Massachusetts.

Coley, S.C., 2016. Common Weakness Scoring System (CWSS). Master Thesis, MITRE Institute, Bedford, Massachusetts.

Ernst, M.D., 2003. Static and dynamic analysis: Synergy and duality. Proceedings of the International Conference on Software Engineering (ICSE) and Workshop on Dynamic Analysis (WODA’03), May 03-10, 2003, University of Portland, Portland, Oregon, pp: 24-27.

FIRST., 2016. Common vulnerability scoring system version 3.0 calculator. FIRST.Org, Inc. Morrisville, North Carolina. https://www.first.org/cvss/calculator/3.0.

Fang, Z., Y. Zhang, Y. Kong and Q. Liu, 2014. Static detection of logic vulnerabilities in Java web applications. Secur. Commun. Netw., 7: 519-531.

ISO., 2016. Introduction to ISO 27005 (ISO27005). ISO, Geneva, Switzerland.

Khan, M.E. and F. Khan, 2012. A comparative study of white box, black box and grey box testing techniques. Intl. J. Adv. Comput. Sci. Appl., 3: 12-15.

Khurana, P., A. Sharma and P.K. Singh, 2016. A systematic analysis on mobile application software vulnerabilities: Issues and challenges. Indian J. Sci. Technol., Vol. 9, 10.17485/ijst/2016/v9i32/100190

Mouzarani, M., B. Sadeghiyan and M. Zolfaghari, 2016. A smart fuzzing method for detecting heap‐based vulnerabilities in executable codes. Secur. Commun. Netw., 9: 5098-5115.

Ransbotham, S. and S. Mitra, 2013. The Impact of Immediate Disclosure on Attack Diffusion and Volume. In: Economics of Information Security and Privacy, Schneier, B. (Ed.). Springer, New York, USA., ISBN:978-1-4614-1980-8, pp: 1-12.

SDLP., 2016. More secure software. SDL PLC, Maidenhead, England, UK.
